In the 20+ years the Internet has existed, many security issues have not changed: 
Everyone still believes they know all about computer security, and most of what they know 
is still wrong. The networks are still infested with failing computers, supporting malware 
ecosystems that degrade service for all users. Non-working security tools ("snake oil") 
continue to sell at a brisk pace. Everybody still lies, especially commercial software vendors 
and "certified technicians" (a.k.a. outside sales reps) trained by them. But other things have 
changed substantially: Surveillance, profiling, and covert manipulation of network users have 
reached and passed levels that were the stuff of paranoid fantasy 20 years ago, and the 
noose of network censorship is beginning to draw closed. The Hackers are no threat at all, 
compared to the Corporate and State actors who have taken control of the public networks. 
Today, network security is about more than locking hostile parties out of your computer: It 
means asserting ownership over your property in digital space, and taking back the 
freedoms that have already been stolen from you by criminals great and small. This is 
easier than it sounds, when you know the fundamentals. 


The information presented here provides a starting point and logical framework for building 
your own understanding of computer security, developing your own network security 
policies and "best practices," and enforcing them on a daily basis. No one but you knows 
exactly what information and communications you are defending, who your potential 
adversaries are, what motivates them, and what resources they have. There are no 
one-size-fits-all security solutions, so no one but you can make final decisions about what tools 
and strategies you will use to protect your assets. 


If you spot any substantial errors in this guide, please let me know: Any corrections I make 
will be credited. If you believe you have learned anything useful here, please pass this 
document on to others. When any user adopts more effective security practice on the 
network, all network users benefit. Have fun and be safe. 


Security in Context 


Perfect or absolute network security is not possible. Security is a spending contest: If it 
costs an adversary more than it is worth to him to compromise your assets, you win. If it 
costs you more to secure an asset than the asset is worth to you, you lose. 


Defending digital assets is usually orders of magnitude cheaper than attacking them, if the 
defender uses effective tools and strategies from the beginning. As Lao Tzu said, "It is easy 
to solve a large problem while it is still small." 


Network Security Axioms 


- Everything is under control; your control or someone else's. 
- A trusted system is one that can break your security model. 
- A hardened perimeter is easily broken; a hardened system, not so much. 
- The laws of nations are easily broken; the laws of physics, not so much. 
- In God we trust, all others provide full source code for peer review. 
- Given enough observers, all bugs are shallow. 
- To make a system stronger, attack it. 
- Physical access can compromise any network security model. 
- A failed data backup may cost more than a successful break-in. 
- An unexamined assumption is a ticking time bomb. 
- User refusal is the principal barrier to secure networking. 


System Security 


Network security is only as reliable as the security of the actual computers involved in 
network communication. In practical terms, this requires use of a UNIX class operating 
system such as GNU/Linux or FreeBSD on every machine that hosts any valuable data or 
performs any security related network functions. 


The security of UNIX derives from its file system architecture, where all data, devices, and 
processes on the system are treated as files. Each "file" has an explicitly defined owner. 
Access to any file is restricted to the user account that owns it. Other users are granted 
access only as explicitly authorized by a file's owner, or by root, the super-user account that 
controls the whole file system. The power to read a file, alter a file, or execute a file as a 
program is explicitly defined on a per-user basis. Along with data stored on disk, UNIX 
treats allocated memory blocks, running processes, data streams, etc. as files. The root 
account is the final authority assigning these permissions, and is used for system 
administration only. 


The UNIX file system architecture amounts to a system of internal firewalls, and it makes 
UNIX systems immune to all viruses and most malware*. Attacking a properly configured 
UNIX class operating system on the network is difficult, expensive, and has a low 
probability of success. The UNIX security model proactively forbids all actions that are not 
necessary to perform authorized tasks. The objectives of UNIX security are to reduce 
security incidents to the smallest attainable number, and to limit the damage from security 
incidents as far as possible. 


* Clam AV and similar virus scanners are available for UNIX systems, such as mail servers, 
where they are used to test files received from untrusted sources for re-transmission to 
vulnerable Microsoft systems. Some promoters have misrepresented this as "proof" that 
Linux and other UNIX based systems do need antivirus software. 


In strong contrast to the simple, effective security architecture of UNIX systems, Microsoft's 
DOS/NT systems are permissive by default. Instead of a consistent global security 
architecture, Microsoft uses a collection of ad-hoc restrictions in an effort to prevent specific 
classes of malicious action by users and the processes they launch. All of the ~100 million 
botnet installations presently running on the public Internet are running on compromised 
Microsoft operating systems. Anti-virus software, PC firewalls and similar add-ons can, at 
best, partially mitigate the inherent insecurity of Microsoft systems. Tens to hundreds of 
thousands of Microsoft operating systems are compromised daily via inexpensive 
automated attacks. The Microsoft security model reactively blocks specific attacks in 
response to observed security breaches. The objective of Microsoft's security model is to 
maintain the highest rates of failure, repair and replacement that the market will bear. 


Microsoft is widely suspected of installing back doors into its operating systems, and has 
recently been caught conducting active surveillance of Skype users. It is easy for a vendor 
to sabotage "proprietary trade secret" software, and difficult to detect or prove that it has 
been done - a "good" back door looks like an honest programming error. 


Apple's OSX operating systems are based on BSD UNIX, which makes them orders of 
magnitude more stable and secure than Microsoft operating systems. OSX is not BSD, and 
has no significant history of use on commercial network servers, so little is known about its 
performance in a hostile network environment. Although Apple makes source code 
available, OSX receives much less peer review, documentation, and community support for 
network security than Free and Open operating systems like GNU/Linux and FreeBSD. The 
relatively small hacker community associated with OSX is much more interested in illegally 
"reverse jailbreaking" OSX to run on cheap commodity hardware than in auditing its 
security features and running penetration tests against it. Recent security incidents with 
OSX are not as significant as press accounts would have us believe, but they do indicate 
an increase in attacks against the OSX platform. 


Apple is well positioned to break the user's security and openly does so via DRM and 
censorship at the software and network service levels. OSX keeps a permanent forensic 
record of all files downloaded by all applications. iPhone owners can "securely encrypt" the 
data stored on these devices, but Apple can and does routinely break this encryption on 
demand, indicating that the tool has a deliberately installed back door. Apple's hip, cool, 
progressive image falls apart if one looks too closely. 


Anonymity and Counter-Censorship 


Proof of identity, such as proof that a given message was sent by a certain person, or proof 
that a piece of software was written by the owner of a certain public cipher key, is a core 
function in network security. However, the opposite case - concealment of identity - is also 
an important network security function. 


The Internet's infrastructure is a vast array of privately owned computers controlled by their 
Corporate owners and monitored by a diverse collection of State agencies. A rational 
security model must assume that all network communications may be monitored and 
recorded by potentially hostile parties, and that any network connection may be subject to 
deliberate interruption a.k.a. censorship. In some instances a user may choose to reveal 
his or her identity and the destination and content of his or her message traffic to the whole 
world. In other instances the authorship, content and/or destination of message traffic may 
be private or confidential, and protected from public exposure through encryption and/or 
anonymized mix networking. Those who do not understand and possess the tools for 
encrypted and anonymized communications have no choice about exposing their identities 
and every detail of everything they do or say on the network, and no way to publish or read 
censored materials: These are fundamental security failures. 


Mix networking conceals the origin and destination of messages passing over the public 
Internet by encrypting messages in multiple layers and sending them through a series of 
mix routers. At each router in this chain the outermost layer of encryption is removed by the 
router, revealing an encrypted message, and the address of the next mix router in the chain 
to forward the encrypted message to. The first router in the chain knows which user is 
sending an anonymous message, but does not know the content or destination of that 
message. When the message arrives at the last router in the chain, that router knows the 
destination address and (in some instances) the message content, but not the sender's 
identity. Routers in the chain between the points of entry and exit do not know the origin, 
content, or final destination of the message. 
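The layer-peeling described above, as an added toy example (not code from this guide, the Cypherpunk remailers or Tor): each router holds one per-hop key that the sender also knows (an assumption; real networks negotiate these with public-key cryptography), the cipher is a SHA-256 counter-mode keystream with an HMAC tag (a constructed stand-in for a real cipher), and the route, router names and message are constructed sample data.

```python
import hashlib
import hmac
import secrets

ADDR_LEN = 32  # fixed-width next-hop field, NUL padded


def _subkeys(key: bytes):
    # Separate keys for the keystream and for the authentication tag.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: SHA-256 in counter mode, enough to show layering.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one encryption layer: nonce || ciphertext || HMAC tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def peel(key: bytes, blob: bytes) -> bytes:
    """Remove one layer; refuse anything modified in transit."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def _addr(name: str) -> bytes:
    raw = name.encode()
    assert len(raw) <= ADDR_LEN, "address too long for the toy header"
    return raw.ljust(ADDR_LEN, b"\0")


def build_onion(route, destination, message, keys):
    """Sender side: innermost layer for the exit router, then wrap outward."""
    blob = seal(keys[route[-1]], _addr(destination) + message)
    for i in range(len(route) - 2, -1, -1):
        blob = seal(keys[route[i]], _addr(route[i + 1]) + blob)
    return blob


def router_step(name, keys, blob):
    """One router's whole view: the next hop plus an opaque blob for it."""
    plain = peel(keys[name], blob)
    return plain[:ADDR_LEN].rstrip(b"\0").decode(), plain[ADDR_LEN:]


def run_route(route, destination, message, keys):
    """Push the onion through the chain and record what each router could see."""
    blob = build_onion(route, destination, message, keys)
    log = []
    for name in route:
        next_hop, blob = router_step(name, keys, blob)
        # Content is exposed only once the last layer is gone (at the exit).
        log.append({"router": name, "next_hop": next_hop,
                    "sees_content": message in blob})
    return log, next_hop, blob


def demo():
    # Constructed sample: three routers, per-hop keys shared with the sender.
    keys = {r: secrets.token_bytes(32) for r in ("entry", "middle", "exit")}
    return run_route(["entry", "middle", "exit"], "alice@example.org",
                     b"meet at noon, bring the documents", keys)


def tamper_is_detected():
    # A router that receives a modified layer must refuse to forward it.
    keys = {"r": secrets.token_bytes(32)}
    blob = bytearray(build_onion(["r"], "dest", b"hello", keys))
    blob[20] ^= 1  # flip one ciphertext bit
    try:
        router_step("r", keys, bytes(blob))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```

The log shows the entry and middle routers learning only the next hop, and only the exit router seeing the destination and content, which is the property the paragraph describes.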


This is a basic description of anonymous mix networking as performed by the now obsolete 
Cypherpunk Remailer network. Modern mix networking technology provides methods for 
two-way communication, including anonymous web browsing. Today's principal mix 
networks are TOR, i2p, Freenet and the Mixmaster and Mixminion remailers. The global 
mix network infrastructure consists of privately owned systems running Free Software tools 
that provide counter-surveillance and counter-censorship services in the public interest. 
The resulting confidential networks are sometimes called "darknets." 


An unknown number of routers in all mix networks are operated by law enforcement and 
military intelligence services of various nations, both to conceal their own confidential 
network traffic and to conduct a variety of attacks against the anonymity of other users. 
Whether and how far to trust the security of anonymous mix networks is an open question 
for all users. Court records describe cases where anonymous mix users disclosed their 
identities to investigators by revealing too much personal information when communicating 
with informants via anonymous mix channels. No Court records, and nothing in any leaked 
documents from NSA or other sources, suggests that any anonymous mix protocol has 
ever been broken. However, network anonymity is an ongoing arms race against very 
powerful adversaries and the protection provided against State actors by mix networking 
should not be considered absolute. 


Anonymous network protocols should not be confused with pseudo-anonymous 
networking. A commercial VPN provider or confidential mail service has all the information 
on hand to identify any user in response to a Court order, or to inadvertently disclose the 
identities of all their users in the event of a security breach. Whether and how far to trust 
such services depends entirely on your security model: Who are you defending the data in 
question from, what methods of attack are available to them, and what are the potential 
consequences in the event your identity and activities are compromised? 
Pseudo-anonymous networking may be appropriate for some applications but not others. 


Cryptography and Security 


Encryption and digital signatures are the bedrock of network security, providing essential 
building blocks for practical security protocols. Encryption protects data from unintentional 
exposure. Digital signatures verify both the authorship and integrity of data. To date, 
modern digital encryption can not be broken and digital signatures can not be forged - 
although either can be compromised by incorrect usage, or defeated by attacking the 
computers that perform these functions. 


Crypto security depends on several factors: The user must understand the basic principles 
well enough to make informed decisions about which tools and protocols to use, which 
purposes to use them for, and how far to trust the security provided. The tools in question 
must use well known and widely tested and attacked cipher and hash functions; there is no 
rational basis for assigning any trust to untested or secret cryptographic tools. As a 
practical rule, the full source code of the actual programs must be published for public 
review as a partial defense against programmer error or deliberate sabotage. To prevent 
3rd party sabotage, the user must verify the author's digital signature on any security tool 
before installation and use - and never install or use unsigned tools. The user must also 
consider that no security tool can be more secure than the hardware and operating system 
it is running on, and that no secret message remains secret after it is transmitted to another 
user whose system has been compromised. 


Symmetric ciphers employ the same key to encrypt and decrypt data. This is a 
straightforward process where a unique, user-created key governs a complex mathematical 
function used to scramble the original data, and only the same key and function can restore 
the data to its original form. Well known symmetric ciphers include 3DES, AES and 
Blowfish. Ciphers with numerical suffixes, e.g. AES 256 and AES 512, are variants of the 
same cipher that accept different key lengths in binary notation; AES 256 uses a 256 bit 
key, AES 512 uses a 512 bit key. Every bit (binary digit) added to the length of a key 
doubles its effective strength against an attack that just tries all possible combinations; 
larger keys are usually desirable. 


Asymmetric a.k.a. Public Key ciphers employ two keys which are generated in pairs, one to 
encrypt and one to decrypt data. The uniquely valuable feature of asymmetric ciphers is 
that party A can openly publish a public key, which parties B, C, D etc. can then use to 
encrypt messages that only A can decrypt, because only A has the private component of 
the key pair. A widely used analogy compares this to distributing an unlimited supply of 
open padlocks that can be used to secure any container, while one person keeps the only 
key that opens these locks. Asymmetric ciphers include RSA and El Gamal. The ownership 
of public keys can be confirmed by verifying the key fingerprint with the key's owner face to 
face (a reliable method), or indirectly by verifying a digital signature added to the key in 
question by a trusted third party (a potential trouble source). 


Message digests a.k.a. hashes, are fixed length numerical values calculated from the entire 
body of a larger data set such as the text of an e-mail message, a downloaded program 
file, or a CD ISO file. A digital signature is made by calculating a hash for the data to be 
signed, then encrypting that hash with the private key of the person making the signature. 
To verify the signature, the signer's public key is used to decrypt the hash. If the decrypted 
hash matches that of the signed data, two things are proven: The owner of the private key 
in question signed the data, and the data in question is a bit-for-bit perfect copy of the data 
that was signed. 


Secure File Storage 


The first widely available encryption tool was Pretty Good Privacy. PGP was created by Phil 
Zimmermann and released to the public in 1991 at risk of Federal prosecution under the 
Arms Export Control Act; this is why Cypherpunks sometimes refer to cryptographic tools 
as "mathematical munitions." Commercial versions of PGP are still available, but today's 
industry standard is GPG, the GNU Privacy Guard. GPG does symmetric (single key) and 
asymmetric (public key) encryption of text and files, makes and verifies digital signatures 
and manages collections of keys. As noted above, cryptographic software is mission critical 
for network security and must include full source code for peer review. Current commercial 
versions of PGP are closed source, which disqualifies these products from most uses. 


GPG enables the user to encrypt individual files, but as a practical matter one can not do 
this with working directories full of files that may be considered private or confidential. "On 
the fly" encryption that locks down whole directories, partitions, or hard drives solves this 
problem neatly. The content of encrypted partitions or containers is inaccessible until the 
user enters his or her pass phrase to unlock them. When unlocked, encrypted file systems 
look and act like normal hard drives or directory trees. When an encrypted container is 
mounted, its key is stored in system memory and a special driver encrypts files being 
written to the container as they enter, and decrypts files as they are read out of the 
container. In the event of a system failure or unexpected loss of power, the key is lost from 
memory leaving the encrypted container closed and locked. 


Modern operating systems include built in crypto utilities that can be turned on to encrypt 
any user account's "home directory," i.e. file storage space. How far to trust this is largely a 
product of how far one trusts the operating system itself. (See above regarding the back 
door in Apple's iPhone data encryption tool.) On any system, if the pass phrase used is too 
short it will not resist a brute force attack. Virtual system memory, a.k.a. the swap space on 
the hard drive, may contain sensitive data and should itself be encrypted to prevent its 
contents from being recovered. On a Debian based GNU/Linux system, typing "sudo 
ecryptfs-setup-swap" at the command terminal will permanently activate this feature if it is 
not already installed and turned on. 


Truecrypt is often used for making secure backups on external hard drives and/or in large 
container files burned to CD or DVD. It also does this very clever trick: Truecrypt enables 
the user to create a hidden container inside a container. This feature was first proposed by 
Julian Assange, who called it "Rubber Hose" in reference to rubber hose cryptography: 
One may be forced to give up the key to the outer container, without revealing the 
existence of an inner one. 


In May of 2014, Truecrypt's developers abruptly abandoned the project and rather 
dramatically announced that it "may contain unfixed security issues." An independent code 
audit project examining Truecrypt has released a preliminary report that includes no 
surprises or critical security advisories. Archives of all Truecrypt versions have appeared, 
and at least one team is now forming to take over maintenance and development of 
Truecrypt. 


Hardware Level Attacks 


New computers with the Windows 8 logo on them include "Secure Boot," a hardware level 
attack against the end user who purchases the device. The Windows 8 logo on the outside 
means that the motherboard inside has been sabotaged to lock out all operating systems 
except those authorized and digitally signed by Microsoft. These sabotaged units can not 
run standard maintenance and repair tools and can not run important network security tools 
such as the TAILS Live USB operating system. "Secure Boot" also prevents a computer's 
owner from installing any operating system that is capable of secure operation in a hostile 
network environment. The most practical solution: Do not purchase any product with a 
"Windows 8" logo on its case or box, and spread the word. Microsoft can strong-arm PC 
makers into selling broken computers, but they can not force us to buy them. 


Microsoft's most ambitious hardware level attack against its customers was called 
Palladium and later renamed Longhorn. This was a hardware enforced split-level operating 
system with the machine's owner locked in a restricted sandbox, remotely accessible and 
fully controlled by Microsoft and its chosen partners in industry and government. This 
Trusted Computing Platform used advanced crypto protocols to prevent the owners of 
Longhorn-equipped machines from observing, altering or disabling the remote monitoring, 
censorship and control functions. For unknown reasons - possibly legal and diplomatic 
issues - this project was abandoned at the 11th hour. A version of Longhorn without remote 
surveillance and control functions was hastily built on top of the MS Server 2003 operating 
system, and rolled out as "Vista" one year behind schedule. 


Microsoft is not the only player in the hardware sabotage game. The popular and very 
expensive Barracuda network firewall appliance is presented as a way to protect insecure 
Microsoft systems on a LAN from the dangers of the Internet. It also happens to have 
hard-coded backdoors enabling Barracuda Networks, Inc. and its chosen corporate and State 
partners to log in with root access and observe, modify, or even fully reprogram the 
appliance at will. The owner of the firewall box can not turn this off. Admins who are not 
comfortable with a factory-rooted firewall box might be interested in ClearOS or Smoothwall, 
Free operating systems with vendor support available by subscription, that turn an unused 
spare PC into a powerful, configurable, and much more trustworthy firewall appliance. 
Finding reliable replacements for Cisco appliances with hard coded factory back doors may 
be more challenging. Per report, "Cisco is a very enthusiastic partner to the Intelligence 
Community---one of those sensitive relationships managed through the NSA Special 
Source Operations office." J. Random & Co. will of course find and use these back doors 
for fun and profit. 


Further Reading and Practical Exercises 


1. Read "A Call to Cryptographic Arms," the introduction to Cypherpunks by Julian Assange 
(2012), for an overview of the social and political implications of global network surveillance 
and censorship today: 


http://cryptome.org/2012/12/assange-crypto-arms.htm 
http://www.orbooks.com/catalog/cypherpunks 


Learn about the scope and depth of State and commercial network surveillance and 
manipulation. This includes routine user tracking and profiling by national intelligence 
services, and in the private sector by search engines, advertising contractors, social media 
providers and others. Starting points include: 


http://finance.yahoo.com/news/phone-firms-sell-data-customers-231300766.html 
http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html 
http://www.brookings.edu/research/papers/2011/12/14-digital-storage-villasenor 
http://www.youtube.com/watch?v=DIGdWsxHJIM 
http://tinyurl.com/bigbrother-bigfacebook 

https://en.wikipedia.org/wiki/Filter_bubble 
https://en.wikipedia.org/wiki/Stellar_Wind_%28code_name%29 
https://w2.eff.org/Privacy/TIA/ 

http://wiki.echelon2.org/wiki/Romas/COIN 


2. Learn about browser plugins and specialty search engines that neutralize most of the 
routine user tracking and profiling, a.k.a. in-depth intelligence collection, conducted by 
Corporate actors: 


https://addons.mozilla.org/en-US/firefox/addon/noscript/ 
https://addons.mozilla.org/en-US/firefox/addon/ghostery/ 
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/ 
https://addons.mozilla.org/en-US/firefox/addon/redirect-cleaner/ 


https://duckduckgo.com/ 


3. If you are presently using Microsoft operating systems, start practical work toward 
transition to using more secure and reliable operating systems. Learning your way around a 
new operating system may include temporarily dual booting with two operating systems on 
one machine, acquiring a new (or used) computer for your new operating system, or simply 
replacing the insecure operating system straight away. 


Download and burn a Linux Live CD or DVD and boot a computer using this disc, to start 
exploring the potentials of Free and Open computing. If the computer does not 
automatically boot from the CD or DVD, see this how-to doc. Bear in mind that running a 
complex operating system directly from a CD or DVD provides very slow and limited 
functionality compared to running the same OS as a normal installation on the hard drive. 
Booting from a Live CD or DVD does not affect the existing operating system installed on 
the computer. Check out the user manual for Linux Mint, currently the best Linux 
distribution for beginners IMNSHO, with complete instructions: 


http://www.linuxmint.com/documentation/user-guide/Cinnamon/english_18.0.pdf 


4. Obtain and study how to docs on general network security. These are among the best 
that are currently available, and cover basic to advanced topics in practical detail: 


http://en.flossmanuals.net/_booki/basic-internet-security/basic-internet-security.pdf 
http://en.flossmanuals.net/_booki/bypassing-censorship/bypassing-censorship.pdf 


5. Get GPG, the industry standard tool for e-mail encryption and digital signatures. GPG, 
like its predecessor PGP, provides a full set of tools for both symmetric and public key 
ciphers and for making and reading digital signatures. Learn about how it works, and 
practice communicating with more experienced users until your results are consistently 
reliable. GPG is available for all operating systems, as is the Enigmail plugin that 
conveniently integrates it with the Mozilla Thunderbird email program. If you are using a 
webmail service like GMail or Yahoo!, or an e-mail account provided by your ISP, you might 
want to get a real e-mail account of your own from a service like usermail.com. 


http://www.gnupg.org 


http://www.madboa.com/geek/gpg-quickstart/ 


6. Learn about network anonymity tools, try them out and explore their potentials and 
limitations. As mentioned above, these tools enable users to pick and choose what parts of 
their Internet activity are open to surveillance, and enable them to both read and publish 
"censored" documents. 


The TOR Browser Bundle is an E-Z end user application for anonymized networking. TOR 
has four principal functions: 1) Defeating network censorship. 2) Defeating network 
surveillance. 3) Access to hidden web servers with .onion domain names. 4) Hosting 
hidden .onion websites. According to PFC Manning's report, the U.S. Army still uses TOR 
when conducting open source intelligence gathering on the Internet. 


TOR SECURITY ISSUE - 


In 2015, prominent TOR developer and privacy advocate Jacob Appelbaum resigned from 
the TOR Project due to allegations of sexual misconduct. Public statements from the TOR 
Project, and dissenting statements from individuals inside the TOR Project, paint a picture of 
gross malfeasance in personnel management and vicious personal vendettas run rampant 
at the TOR Project: See The Crucifixion of IOError for an introduction to the can of worms 
that ate the TOR Project. TOR has now acquired a new board of directors and moved office 
across the country: But although some parties to the scandal have gotten "satisfaction," 
closure is nowhere in sight. 


Fun fact: The TOR Browser ships with the NoScript plugin, an essential component for 
enhanced privacy and security, already installed. But it is turned OFF by default. Not only 
does Javascript present a massive attack surface for exploits delivered by hostile or 
compromised websites, it also makes nearly unique user identification through browser 
fingerprinting possible. See below for some details: 


[Screenshot: Tor Browser "about:tor" start page. "Congratulations! This browser is configured to use Tor. You are now free to browse the Internet anonymously. Test Tor Network Settings. Search securely with Startpage."] 

[Screenshot: Panopticlick "How Unique and Trackable Is Your Browser?" result. "Within our dataset of several million visitors, only one in 24,618 browsers have the same fingerprint as yours. Currently, we estimate that your browser has a fingerprint that conveys 14.6 bits of identifying information."] 

[Screenshot: a second Panopticlick result for the same test. "Within our dataset of several million visitors, only one in 412 browsers have the same fingerprint as yours. Currently, we estimate that your browser has a fingerprint that conveys 8.69 bits of identifying information."] 

Even if one makes the most pessimistic assumptions, TOR remains useful. It will continue 
to punch through school, corporate and even national network firewalls. TOR negates 
surveillance by network service providers and makes users effectively invisible to 
surveillance and profiling by corporate actors. TOR will continue to reliably protect wireless 
connections at public venues from eavesdropping or manipulation by J. Random Hacker. 
But TOR users who have reason to believe that the NSA or another State actor would ever 
actually do anything with information collected about their TOR-cloaked activities, such as 
share it with a law enforcement agency or hostile government, or deny/revoke a security 
clearance, should adjust their security model accordingly. 


https://www.torproject.org 


I2P, a.k.a. the "Invisible Internet Protocol," is a darknet that does not connect to the open 
public Internet. I2P is principally used for anonymous file transmission via bit torrent, and 
publishing easily configured user-made websites. The I2P network also includes forums 
and news services. Most consider the security of the I2P protocol equal or superior to that 
of the TOR network. Setting up I2P requires the user to RTFM (Read The Fine Manual), but 
should not be difficult for anyone who is comfortable installing software. 


http://www.i2p2.de 


Freenet includes both an anonymizing network protocol, hosting for websites and forums, 
its own version of USENET and distributed file storage via hard drive space donated by 
users. The files stored by Freenet on users' hard drives are encrypted and anonymized, 
protecting users against prosecution for "possession of illegal ones and zeros." The 
Freenet router requires settings similar to i2p when installed. Unlike TOR and i2p, Freenet 
is a processor intensive application. Many users report that it does not work and play well 
with other desktop computer applications. 


https://freenetproject.org 


7. Recently there has been another major outbreak of idiocy in the online press about "how 
to make a secure password." All anyone needs to know about passwords, and 
cryptographic pass phrases, is summed up in one word: Diceware. Replace speculation 
with fact, opinion with knowledge, and guesswork with reliable procedure: 


http://diceware.com 


Re-using a password all over the place is a Very Bad Thing, except in cases where you just 
don't care whether it keeps intruders out. An attacker who succeeds in stealing the 
password for one service, will try it on all accounts the user has on other services. The 
corporate network of leading Federal security contractor HBGary was completely trashed 
because its CEO re-used his password. 


One's most frequently used pass phrases will be automatically memorized through simple 
repetition. For all those other credentials, the cross platform application KeePass2 may be 
useful: It runs on all major operating systems (even as a Portable App carried on a USB 
stick) and encrypts its database with the user's choice of AES or Twofish. KeePass makes 
managing ANY number of "logins" a snap. Because LibreOffice and OpenOffice use the 
Blowfish cipher to encrypt password protected documents, an ODT word processor 
document locked down with a strong pass phrase provides a highly portable, cross-platform 
solution for secure storage of login credentials and other key personal data like banking 
credentials, account details, etc. 


In Conclusion 


No matter where you live, no matter who you are, you have a right to free speech and free 
association, a right to remain silent, and a right to say "no" to arbitrary search and seizure. 
Any private or State actor who violates these rights commits a crime by doing so. The 
Cypherpunk and Hacker communities provide tools and education enabling you to exercise 
and defend these rights in the world of networked computing, even in the presence of 
powerful adversaries. The tools are free as in beer (no charge), free as in speech (open 
source) and free as in Freedom (community property per GPL-model licenses). We are told 
that these tools are "hard to use" and impose major sacrifices on their users. As a lazy, 
ignorant, but very demanding user, I find the convenience and reliability of Free Software 
downright luxurious compared to commercial alternatives. Your mileage may vary. 


Your comments and suggestions are always welcome, and of course confidential service is 
always available: 57CE6BAA.asc is my public GPG key, please include your key ID if you 
prefer encrypted correspondence. 